<?php
if (@$_REQUEST['sAction']) {
	$sClass = substr($_REQUEST['sAction'], 0, strpos($_REQUEST['sAction'], '-'));
	$oActionsController[$sClass] = array();
	require('include/classes/'.$sClass.'/'.$sClass.'.access.php');
	$sNeed = $oActionsController[$sClass][$_REQUEST['sAction']]['need'];
	$sHandler = $oActionsController[$sClass][$_REQUEST['sAction']]['handler'];
	
	$bPass = false;
	
	$sJobHandled = array(
		'job',
		'mission',
		'file',
	);
	if (in_array($sHandler, $sJobHandled)) {
		$bPass = JobHandler::canDo($sHandler, $sNeed, (@$_REQUEST['iJob'] ? $_REQUEST['iJob'] : $_SESSION['iJobID']));
		$sHandler = '';
	}
	
	switch ($sHandler)
	{
		case 'issue':
			switch ($sNeed) {
				case 'write':
					$oJobConfig = JobHandler::getConfig($_REQUEST['iJob']);
					$bPass = $oJobConfig['bPublic'];
					break;
			}
			break;
		case 'client':
			switch ($sNeed)
			{
				case 'accountant':
					$oUsers = UserHandler::getUsers();
					$bPass = ($oUsers[$_SESSION['rid']]->bAccountant);
					break;
				case 'admin':
					if (is_array($_REQUEST['iClientgroups'])) { // This is for client-socials.
						$bPass = true;
						foreach ($_REQUEST['iClientgroups'] as $iClientgroup) {
							if (!ClientHandler::getAccess($iClientgroup)) {
								$bPass = false;
							}
						}
					}
					else {
						$bPass = (ClientHandler::getAccess($_REQUEST['iClientgroup']) == 'admin');
					}
					break;
				case 'accountant|admin':
					$oUsers = UserHandler::getUsers();
					if ($oUsers[$_SESSION['rid']]->bAccountant) {
						$bPass = true;
					}
					else {
						if (is_array($_REQUEST['iClientgroups'])) { // This is for client-socials.
							$bPass = true;
							foreach ($_REQUEST['iClientgroups'] as $iClientgroup) {
								if (!ClientHandler::getAccess($iClientgroup)) {
									$bPass = false;
								}
							}
						}
						else {
							$bPass = (ClientHandler::getAccess($_REQUEST['iClientgroup']) == 'admin');
						}
					}
					break;
			}
			break;
		case 'jobgroup':
			switch ($sNeed)
			{
				case 'owner':
					$oJobgroups = JobgroupHandler::getJobgroups();
					$bPass = is_object($oJobgroups[$_REQUEST['iJobgroup']]);
					break;
			}
			break;
		case 'usergroup':
			switch ($sNeed)
			{
				case 'admin':
					$sUsers = UsergroupHandler::getUsers($_REQUEST['iUsergroup']);
					$bPass = ($sUsers[$_SESSION['rid']] == 'admin');
					break;
			}
			break;
		case 'system':
			switch ($sNeed)
			{
				case 'none':
					$bPass = true;
					break;
				case 'login':
					$bPass = (@$_SESSION['rid'] ? true : false);
					break;
				case 'sameuser':
					$bPass = ($_REQUEST['iUser'] == $_SESSION['rid'] && !$_REQUEST['bAdmin']);
					break;
				case 'admin':
					$oUsers = UserHandler::getUsers();
					$bPass = $oUsers[$_SESSION['rid']]->bAdmin;
					break;
				case 'admin|public':
					$oAppconfig = AppconfigHandler::getConfig();
					if ($oAppconfig['bAllowPublic']) {
						$bPass = true;
					}
					else {
						$oUsers = UserHandler::getUsers();
						$bPass = $oUsers[$_SESSION['rid']]->bAdmin;
					}
					break;
				case 'admin|sameuser':
					$oUsers = UserHandler::getUsers();
					$bPass = ($_REQUEST['iUser'] == $_SESSION['rid'] && !$_REQUEST['bAdmin']) || $oUsers[$_SESSION['rid']]->bAdmin;
					break;
			}
			break;
	}
	unset($oActionsController);
	unset($sNeed);
	unset($sHandler);
	unset($sJobHandled);
	
	if (!$bPass)
	{
		ErrorHandler::addError('Access denied');
	}
	else
	{
		require('include/classes/'.$sClass.'/'.$sClass.'.request.php');
	}
}
?>
